Synthetic Monitoring

Simulate visitor interaction with your site to monitor the end user experience.

View Product Info

FEATURES

Simulate visitor interaction

Identify bottlenecks and speed up your website.

Learn More

Real User Monitoring

Enhance your site performance with data from actual site visitors

View Product Info

FEATURES

Real user insights in real time

Know how your site or web app is performing with real user insights

Learn More

Infrastructure Monitoring Powered by SolarWinds AppOptics

Instant visibility into servers, virtual hosts, and containerized environments

View Infrastructure Monitoring Info
Comprehensive set of turnkey infrastructure integrations

Including dozens of AWS and Azure services, container orchestrations like Docker and Kubernetes, and more 

Learn More

Application Performance Monitoring Powered by SolarWinds AppOptics

Comprehensive, full-stack visibility, and troubleshooting

View Application Performance Monitoring Info
Complete visibility into application issues

Pinpoint the root cause down to a poor-performing line of code

Learn More

Log Management and Analytics Powered by SolarWinds Loggly

Integrated, cost-effective, hosted, and scalable full-stack, multi-source log management

 View Log Management and Analytics Info
Collect, search, and analyze log data

Quickly jump into the relevant logs to accelerate troubleshooting

Learn More

Fun and unusual HTTP response headers

http

HTTP response headers are usually pretty dry reading, but once in a blue moon you do stumble upon something that makes you smile. Here are some of our favorites.

We’ve bolded the interesting parts, and included the other headers for context. (With one exception, cookie headers. We stripped them away since they tend to take up a lot of room.)

Nerd rage

From Myspace.com:

Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: d8de1522726f0073ffa08b0fd1ddb74a61a15ee8d5a534aa
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-PoweredBy: Nerd Rage
Date: Wed, 15 Aug 2012 13:52:47 GMT
Content-Length: 16799

The fun part here is that it varies the responses. We don’t know how many variations there are, but we also got:

  • X-PoweredBy: Unicorns
  • X-PoweredBy: Keebler Elves
  • X-PoweredBy: Charlie Sheen’s Tiger Blood
  • X-PoweredBy: Rats in our Basement

We leave it as an exercise to the reader to find them all. Pokemon for web developers…? 😉

If Batman made web servers

From WordPress.com:

Server: nginx
Date: Wed, 15 Aug 2012 13:49:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
Last-Modified: Wed, 15 Aug 2012 13:47:35 GMT
Cache-Control: max-age=161, must-revalidate
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php
Link: <http://wp.me/1>; rel=shortlink
X-nananana: Batcache
Content-Encoding: gzip

The Batcache is actually real software developed in-house by Automattic to help power its blog hosting service.

The X-hacker header, pretty much a smart wanted ad. It turns out that this recruitment trick isn’t unusual. Automattic is casting a pretty wide net since all sites on the WordPress.com platform include it. You’ve probably come upon it in the past.

Speaking of that, GigaOm.com (which uses WordPress.com) has a pretty fun addition to the standard WordPress.com response headers, a kind of recruitment override…

Recruitment override

From Gigaom.com:

Server: nginx
Date: Wed, 15 Aug 2012 14:04:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
Last-Modified: Wed, 15 Aug 2012 14:03:40 GMT
Cache-Control: max-age=241, must-revalidate
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
P3P: CP=”GigaOM has a Privacy Policy available at http://gigaom.com/privacy-policy/”
X-PickUsInstead: Cool company, cooler headers, join the team! Send an email to jobs@gigaom.com and mention this header.
X-Pingback: http://gigaom.com/xmlrpc.php
X-nananana: Batcache
Content-Encoding: gzip

More on using response headers as a recruitment tool a bit further down.

Bananas and rum

From Surveymonkey.com:

Server: nginx
Date: Wed, 15 Aug 2012 14:07:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sun, 05 Feb 2012 21:08:19 GMT
RTSS: 1
X-Powered-By: Bananas and Rum
Content-Language: sv
Content-Encoding: gzip

Another response has X-Powered-By: Hodor.

Drop that table

From Reddit.com:

Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Set-Cookie:
Content-Encoding: gzip
Server: ‘; DROP TABLE servertypes; —
Content-Length: 18033
Date: Wed, 15 Aug 2012 13:30:32 GMT
Connection: keep-alive

No comment on that one… 🙂

Version: 1337

From SME.sk:

Content-Type: text/html
Expires: Wed, 15 Aug 2012 14:15:52 GMT
Cache-Control: public
Content-Encoding: gzip
Content-Length: 20583
Accept-Ranges: bytes
Date: Wed, 15 Aug 2012 14:15:22 GMT
Age: 14
Connection: keep-alive
Server: ninja web server 1.3.3.7

Best version number ever?

Don’t hurt our server!

From Howtogeek.com:

Content-Encoding: gzip
Vary: Accept-Encoding
Date: Wed, 15 Aug 2012 14:16:34 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Etag: “f626-502baee7-18fca4”
Last-Modified: Wed, 15 Aug 2012 14:15:03 GMT
Content-Type: text/html
Content-Length: 12660
X-Geek: What’s black and white and red all over? Please don’t kill our penguin-powered server.
X-Awesome: If you found this header please email us about a writing job.

More recruitment (which we’ll have more of later) but we especially like the little plea to be nice to their server.

Alternative power sources

From Bayfiles.com:

X-Powered-By: hamster.in.boogie.wheel
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2144
Date: Wed, 15 Aug 2012 14:18:18 GMT
Server: lighttpd/2.0.0

Green tech?

Wolverine

From Marvel.com:

Server: Apache
P3P: CP=”ALL DSP COR NID CURa TAIa OTPi OUR BUS UNI INT PRE”
Expires: -1
Vary: Accept-Encoding,Cookie
Content-Encoding: gzip
X-ServerNickName: Wolverine
Content-Type: text/html; charset=utf-8
Content-Length: 15078
Accept-Ranges: bytes
Date: Wed, 15 Aug 2012 14:20:43 GMT
Age: 25
Connection: keep-alive

Nice detail by Marvel. Another one the site responds with is X-ServerNickName: Leech, but who doesn’t love Wolverine?

Obscure references

From Collegehumor.com:

Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Accept-Encoding
Content-Encoding: gzip
X-Toynbee-Idea: In Kubrick’s 2001 Resurrect Dead On Planet Jupiter
X-CH-Backend: fe-ch-15.cv.live (70)
Content-Type: text/html
X-Varnish-IP: 192.168.2.60
X-Cacheable: YES
Cache-Control: max-age=0
Content-Length: 17482
Date: Wed, 15 Aug 2012 14:23:28 GMT
X-Varnish: 174924076 174922405
Age: 58
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT (6)

To appreciate this one, you need to read up a bit on Toynbee tiles

Tablet hosting

From Mysitecost.ru:

Date: Wed, 15 Aug 2012 14:38:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: iPad.3
Content-Encoding: gzip

Probably untrue, but who knows? God knows there are some unusual hosting projects out there.

Cooking with gasoline

From Pcworld.com:

Date: Wed, 15 Aug 2012 15:00:52 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 412
Last-Modified: Wed, 15 Aug 2012 14:58:20 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27690

Charmingly named tech.

Here’s one we caught back in May, but it’s gone now:

What? And no thanks to whom?

From Inquirer.net:

Server: nginx/1.0.4
Vary: Accept-Encoding
Accept-Ranges: bytes
Guyito: does not live here. no thanks to erwin lomibao.
Via: HTTP/1.1 GWA
Date: Fri, 18 May 2012 22:41:52 GMT
Expires: Fri, 18 May 2012 22:41:52 GMT
Cache-Control: max-age=0, no-cache
X-Page-Speed: 35_4_rr
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Connection: close

We have no idea what that was about. Seems to have been related to some strange competition

We want to live. Just sayin’

From Telegraaf.nl:

Server: nginx
Date: Wed, 15 Aug 2012 15:03:04 GMT
Content-Type: text/html
Etag: W/”290358-1345042682000″
Last-Modified: Wed, 15 Aug 2012 14:58:02 GMT
Cache-Control: max-age=120
Expires: Wed, 15 Aug 2012 15:03:42 GMT
P3P: policyref=”http://www.telegraaf.nl/w3c/p3p.xml”, CP=”NON DSP COR CURa ADMa DEVa CUSa TAIa PSAa PSDa OUR DELa IND UNI COM NAV INT DEM PRE”
X-Cacheable: Yes:120.004:/
X-Varnish: 1120547193 1120429288
Age: 82
Via: 1.1 varnish
X-Served-By: killer
X-Cache: HIT
Vary: Accept-Encoding
Content-Encoding: gzip

Should we be worried…?

Oh, hai

From Wellsfargo.com:

Server: KONICHIWA/1.0
Date: Wed, 15 Aug 2012 14:52:44 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked

Fun server obfuscation. If you absolutely need to know, you can Google it to find out what it actually is.

HTTP response headers as a recruitment tool

As we said earlier, there are quite a few websites that use these response headers for recruitment purposes. It makes sense if you’re looking for people who are into web tech, doesn’t it?

Automattic is the most famous example, but there are many others. Here is a selection.

Booking.com

Date: Wed, 15 Aug 2012 14:45:05 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Content-Length: 31952
Vary: Accept-Encoding
Cache-Control: private
Content-Encoding: gzip
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Seomoz.org

Date: Wed, 15 Aug 2012 14:53:51 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.14
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”
X-Recruiting: If you’re reading this, maybe you should be working at SEOmoz instead. Check out www.seomoz.org/about/jobs
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6970
Connection: close
Content-Type: text/html

Exactly the same as the next one. Hmmm?

Zappos.com

Server: nginx/1.1.17
Content-Type: text/html; charset=utf-8
X-Powered-By: Ponies!
X-Varnish-TTL: 60m
X-Varnish: 977664209 977642627
X-Cache-Hits: 2091
X-Varnish-Host: varnish04.zappos.net
X-Varnish-ID: drupal
X-Core-Value: 5. Pursue Growth and Learning
X-Recruiting: If you’re reading this, maybe you should be working at Zappos instead.  Check out jobs.zappos.com
X-UUID: 68784e3a-e6e5-11e1-84a7-00215e22da70
Content-Encoding: gzip
Content-Length: 25119
Vary: Accept-Encoding
Cache-Control: max-age=1810
Date: Wed, 15 Aug 2012 14:57:22 GMT

Plus, the Zappos website is apparently powered by ponies. But of course.

Zoopla.co.uk

Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 15 Aug 2012 15:05:16 GMT
Expires: Wed, 15 Aug 2012 15:05:15 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
X-Core-Mission: Empowering consumers with the resources they need to make better-informed property decisions
X-Jobs: If you’re reading this, maybe you should be working at Zoopla? Please visit www.zoopla.co.uk/jobs/
X-Powered-By: Passion
Transfer-Encoding: chunked
Connection: keep-alive

Bestylish.com

Date: Wed, 15 Aug 2012 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Server: NixOS 1.5b Jatinga Release
X-Hire: If you are reading this, maybe you should work with us.
Content-Encoding: gzip

Phew…

Going through HTTP headers to find something odd and interesting is a bit like sifting for gold. You have to go through a lot of dirt, but you can end up with some nice little nuggets along the way. We hope you liked these!

A final little side note: If you like this stuff there’s also a pretty awesome post over at netthing.org about unconventional HTTP headers that you might want to check out.

Top image via ShutterStock.

SolarWinds Observability SaaS now offers synthetic transaction monitoring

Powerful transaction monitoring now complements the availability and real user [...]

Exit Rate vs Bounce Rate – Which One You Should Improve and Why

Tracking your website’s exit and bounce rates will give you insight into how [...]

Introduction to Observability

These days, systems and applications evolve at a rapid pace. This makes analyzi [...]

Webpages Are Getting Larger Every Year, and Here’s Why it Matters

Last updated: February 29, 2024 Average size of a webpage matters because it [...]

A Beginner’s Guide to Using CDNs

Last updated: February 28, 2024 Websites have become larger and more complex [...]

Monitor your website’s uptime and performance

With Pingdom's website monitoring you are always the first to know when your site is in trouble, and as a result you are making the Internet faster and more reliable. Nice, huh?

START YOUR FREE 30-DAY TRIAL

MONITOR YOUR WEB APPLICATION PERFORMANCE

Gain availability and performance insights with Pingdom – a comprehensive web application performance and digital experience monitoring tool.

START YOUR FREE 30-DAY TRIAL
Start monitoring for free